[twitter-dev] OAuth image upload: how does Twitter want to see multi-part post OAuth parts?
Can anyone from Twitter, or someone who's successfully done it with a consumer library, please lay out the exact format of the HTTP request Twitter expects for an OAuth-signed image upload? By my reading the OAuth spec allows several possibilities, assuming multi-part POST: 1. Only the the image (and tile) parameters are in the POST entity. All the OAuth-specific parameters are in the HTTP Authorization header, thereby allowing them to be signed. 2. All the parameters, OAuth ones and image ones, are in the POST entity, leaving nothing by the HTTP method and URL to be signed using the OAuth signature. 3. The OAuth specific parameters appear in the query string of the POST url, and once again the image parameter appears in the POST entity. Which of these does Twitter support? I'm trying #1 without any success. Before investing in upgrading my library to support each of these scenarios, I'd like to know which one will end up successful. Right now I'm getting Status 500 errors. Thanks.
[twitter-dev] Re: A New API For Browserless Apps?
I agree with Isaiah. This is a huge improvement over the current PIN workflow. When will this roll out? Is there an authorization endpoint we can use now for testing purposes? That would be great. On Dec 10 2009, 8:58 am, Isaiah supp...@yourhead.com wrote: This seems like a dramatic improvement to me. When will Twitter start rolling out support for this, I'd like to be ready with something on github for this as soon as it lands. Isaiah YourHead Software supp...@yourhead.comhttp://www.yourhead.com On Dec 10, 2009, at 5:22 AM, Raffi Krikorian wrote: we're not making any fundamental changes to oauth - your apps should continue to work fine. the changes that we are making involve implementing http://tools.ietf.org/html/draft-dehora-farrell-oauth-accesstoken-cre this will allow applications to obtain oauth tokens for a user given the user's username / password. On Thu, Dec 10, 2009 at 1:06 AM, Rich rhyl...@gmail.com wrote: Also if you're going to make changes to oAuth and the way it works currently... please bear in mind many of us already have production apps using oAuth. Maybe you could move the oAuth to versioning to allow us time to move to newer methods as and when you release them? On Dec 9, 7:46 pm, Duane Roelands duane.roela...@gmail.com wrote: If we're talking about replacing the PIN Workflow, then this is a good idea. If we're talking about completely different interfaces for web and desktop apps, I can't see how that's an improvement. Seeing as the Search API is still not in line with the rest of the API, does this mean that we're going to have three disparate incompatible interfaces to juggle? How is that an improvement? -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] Invalid HTTP response when 500 status repsonses are sent from Twitter
Twitter sends this in response to an OAuth message it deems unworthy. Note that *all* that I copied below is part of the response *body*. The first two lines *look* like they belong in the response headers. But in fact they are not (two preceding \r\n before the start). And the response is a 200 OK response, actually (perhaps because no status is included? I don't know). Also note that the the entire body is included *twice*. Status: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/htmlStatus: 500 Internal Server Error Content-Type: text/html htmlbodyh1500 Internal Server Error/h1/body/html -- Andrew Arnott I [may] not agree with what you have to say, but I'll defend to the death your right to say it. - S. G. Tallentyre
Re: [twitter-dev] Re: Streaming API Tokenizing Process
2010/1/10 Damon C d.lifehac...@gmail.com OK, so it looks like I misunderstood the docs, as it relates to the punctuation. I understood this: Terms are exact-matched, and also exact-matched ignoring punctuation. to mean that if I provide a keyword with punctuation, the punctuation will be ignored when matching. Some testing reveals that is not the case. If I provide omg!! as a keyword, it will exact-match omg's with two exclamation marks. If I provide just omg, it will match omg's, as well as omg's with exclamation marks. That said, I'm still confused by the fact that twitter will match http://twitter.com; when the docs say it won't. And I'm still wondering what exactly Twitter defines as punctuation. dpc On Jan 10, 11:44 am, Damon C d.lifehac...@gmail.com wrote: This question is directed towards John, but happy to hear how other folks do it as well. Twitter устарел еще с начала всех дел Damon/@dacort
[twitter-dev] Adding lists als filter in Twitter Search?
Anyone aware of plans by Twitter give us an additional filter in Search based on lists? I would very much like the option to search only for a certain #tag in the tweets of a designated group without all the programming involved now. Thanks.
[twitter-dev] Re: OAuth image upload: how does Twitter want to see multi-part post OAuth parts?
Still trying to post images to Twitter using OAuth unsuccessfully. Can someone please help? My latest attempt is inline with what I can gather from other people who claim to do it successfully: put ALL parameters in the multipart entity and have a very simple OAuth signature base string:. The signature was constructed based on this signature base string: POSThttp%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml And here is the raw text I sent: POST /account/update_profile_image.xml HTTP/1.1 Content-Type: multipart/form-data; boundary=2e280788-b8f5-4c5e-a05b-9be7ad76fac7 User-Agent: DotNetOpenAuth/3.4.0.10010 Host: twitter.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20134 --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_token 14821025-bq1rTNjyfQrOtb181Alwt0UHPJTffxXDOahZtBrK8 --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_consumer_key ONxVX5b14DpiVGlprq1yA --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_nonce zvj9dhYY --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_signature_method HMAC-SHA1 --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_signature IKIkDXQC6JPELXTUv8oU7byaXSU= --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_version 1.0 --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_timestamp 1263176820 --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=image; filename=thomas jefferson.jpg Content-Type: image/jpg Content-Transfer-Encoding: binary beginning of raw binary data --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 -- Andrew Arnott I [may] not agree with what you have to say, but I'll defend to the death your right to say it. - S. G. Tallentyre On Sat, Jan 9, 2010 at 4:59 PM, Andrew Arnott andrewarn...@gmail.comwrote: Can anyone from Twitter, or someone who's successfully done it with a consumer library, please lay out the exact format of the HTTP request Twitter expects for an OAuth-signed image upload? By my reading the OAuth spec allows several possibilities, assuming multi-part POST: 1. Only the the image (and tile) parameters are in the POST entity. All the OAuth-specific parameters are in the HTTP Authorization header, thereby allowing them to be signed. 2. All the parameters, OAuth ones and image ones, are in the POST entity, leaving nothing by the HTTP method and URL to be signed using the OAuth signature. 3. The OAuth specific parameters appear in the query string of the POST url, and once again the image parameter appears in the POST entity. Which of these does Twitter support? I'm trying #1 without any success. Before investing in upgrading my library to support each of these scenarios, I'd like to know which one will end up successful. Right now I'm getting Status 500 errors. Thanks.
[twitter-dev] Re: Streaming API Tokenizing Process
That'd definitely be appreciated. This is where I ended up today (from a ruby perspective) and it seems to be getting the job done. def tokenize(tweet) tokens = tweet[text].split(/\s+/).map{|w| w.downcase} tokens |= tokens.map{|x| x.gsub(/[^\w]+/, ).strip.split(/\s +/)}.flatten end On Jan 10, 4:31 pm, John Kalucki j...@twitter.com wrote: The broader track matching is indeed confusing. It errs on the side of over-delivery. The assumption is that there is post-processing on the client end to perform the precise filtering required. I've added a note to take another pass at the documentation and the filtering. -John Kaluckihttp://twitter.com/jkalucki Services, Twitter Inc. On Sun, Jan 10, 2010 at 12:17 PM, Damon C d.lifehac...@gmail.com wrote: OK, so it looks like I misunderstood the docs, as it relates to the punctuation. I understood this: Terms are exact-matched, and also exact-matched ignoring punctuation. to mean that if I provide a keyword with punctuation, the punctuation will be ignored when matching. Some testing reveals that is not the case. If I provide omg!! as a keyword, it will exact-match omg's with two exclamation marks. If I provide just omg, it will match omg's, as well as omg's with exclamation marks. That said, I'm still confused by the fact that twitter will match http://twitter.com; when the docs say it won't. And I'm still wondering what exactly Twitter defines as punctuation. dpc On Jan 10, 11:44 am, Damon C d.lifehac...@gmail.com wrote: This question is directed towards John, but happy to hear how other folks do it as well. I've got a couple questions regarding the tokenizing process on the streaming API. This would be remedied pretty easily with an example from Twitter as to their tokenizing process/regexp as I'm slightly confused what keywords would match. It would also be useful so I could know what tokens a specific status update will generate for an efficient hash lookup. i.e. if I do a simple split on [^\w]+ regexp, is that going to generate the correct set of tokens? In addition to the specifics of tokenizing, the docs state that the keyword Twitter will not match twitter.com. In a quick bit of testing (with delicious url's, less traffic), it seems that the keyword icio will matchhttp://icio.us/. I also currently have open streams just matching portions of a domain and it appears to be working. The docs make it seem as if punctuation is matched, but what is defined as punctuation (by Twitter)? And if the docs are correct, how would one match twitter.com? Confused in Seattle, Damon/@dacort
[twitter-dev] Re: Any iPhone Twitter apps with OAuth login ?
Hi Raffi For me there are two very important changes that need to be made to the oAuth login page 1) The DENY button is currently default, which means if you hit the return button on the iPhone keyboard is uses DENY instead of ALLOW. Please change the default button! 2) Please have a mobile friendly version like the m.twitter.com login page so that it fits a 320px wide screen without zooming. On Jan 8, 10:54 pm, Fabien Penso fabienpe...@gmail.com wrote: On Fri, Jan 8, 2010 at 11:24 PM, Raffi Krikorian ra...@twitter.com wrote: hey fabien (and the rest of the list). what do you think we could do to improve this for all of you? i'm actively interested in making it better. feel free to add to this thread, or mail me personally. Raffi, That would be such a great improvement. I think the required changes is small, I would go very simple and just display a login/password and the 2 buttons approve/deny in *large* without the sidebox on the right you have currently, as it's not needed. Something like what you get when you browse twitter.com/username from your iPhone.
[twitter-dev] Re: background url showing via api, but not on profile
bump On Jan 1, 2:24 pm, Kyle Mulka repalvigla...@yahoo.com wrote: The profile background image URL of this user shows up in the API, but it doesn't show up on their profile page. What’s happening? profile page:http://twitter.com/dirk100 API:http://www.twitter.com/users/show.xml?screen_name=dirk100 background image URL in API:http://a1.twimg.com/profile_background_images/63365544/twilk_backgrou... -- Kyle Mulka Founder, Congo Labshttp://twilk.com
Re: [twitter-dev] When does the rate limit increase for oAuth apps go into effect?
Oh yes. Just noticed that in the response headers. Thanks! Though calling rate_limit_status on both twitter.com and api.twitter.com/1returns the 150 per hour values. On Mon, Jan 11, 2010 at 12:11 PM, srikanth reddy srikanth.yara...@gmail.com wrote: I am already seeing some change(not 10x though) with retweets api that use api.twitter.com/1 On Mon, Jan 11, 2010 at 9:38 AM, Harshad RJ harshad...@gmail.com wrote: Ditto. ETA please. On Wed, Dec 16, 2009 at 1:22 PM, M. Edward (Ed) Borasky zzn...@gmail.com wrote: I see that applications that authenticate with oAuth are going to get a 10X increase in the number of API calls they can make per hour. When does that go into effect? -- Harshad RJ http://hrj.wikidot.com -- Harshad RJ http://hrj.wikidot.com
[twitter-dev] Looking for assistance: custom search widget (search hashtag within list tweets)
Dear all out here, For a local online social network (volunteer project) I would very much like to present our users with selected local tweets. What I would like to do is this: + present a widget on our main page (much like Twitter's own widget: http://twitter.com/goodies/widget_search) + include in the widget only tweets from people on a designated list AND only those with a special hashtag. Given that Twitter currently does not allow one to filter for a specific list in the Search API, all this probable means that some additional programming is involved, including having a database in the middle for storage (also handy in case of Twitter outages). Next to that it would be nice if the tweets appearing in the widget would have nice links and hashtags links to search. Given that I am not that much of an advanced programmer, I am looking for (generous) people who would be willing to point me in the right direction or maybe have some basic code available supporting all of this. Many thanks in advance. Best regards, Marcel The Netherlands
Re: [twitter-dev] Re: background url showing via api, but not on profile
thanks for bumping :P there is a fix in the pipeline for this issue -- we're just waiting on getting it deployed out. On Mon, Jan 11, 2010 at 2:03 AM, Kyle Mulka repalvigla...@yahoo.com wrote: bump On Jan 1, 2:24 pm, Kyle Mulka repalvigla...@yahoo.com wrote: The profile background image URL of this user shows up in the API, but it doesn't show up on their profile page. What’s happening? profile page:http://twitter.com/dirk100 API:http://www.twitter.com/users/show.xml?screen_name=dirk100 background image URL in API: http://a1.twimg.com/profile_background_images/63365544/twilk_backgrou... -- Kyle Mulka Founder, Congo Labshttp://twilk.com -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] Display latest tweets from multiple Twitterers?
Hi, Using the code found here: http://css-tricks.com/snippets/php/get-latest-twitter-status/ I can display the latest tweet for a single twitter user. My question is this: is it possible to get the latest tweet from multiple users this way or a similar method? My plan is to have users submit their username via a form, and this data is written to an xml file. I am hoping to tie all this together to display multiple tweets from users who have submitted their data on one page. Is it possible? Are there any examples or sites that you know of that I could look at? Many thanks, CG
Re: [twitter-dev] Re: Best way to pull/cache location based search results?
On Mon, Jan 11, 2010 at 9:09 AM, GeorgeMedia georgeme...@gmail.com wrote: Is what you are suggesting to basically consume the entire firehose as it comes in and look for geo parameters/locations in real time? My Yes, that’s what I’m suggesting. The current API features constraints won’t support what you’re trying to do except on a limited basis. You are better off consuming the firehose, geocoding tweets whatever way you see fit, and throwing away the rest. That’s based on your statement/need of 200,000+ geographic points of interest. You might consider drastically reducing that problem set to something which does work within the current API constraints and features as a proof of concept to see if you really need all 200,000+ points of interest or if you can start with a smaller set. But if you really want such a large number of points of interest, you’re better off consuming the firehose and doing the filtering on your end, it’s much less complex. Might also look at what gnip.com is providing, though they seem to be in the process of relaunching. -- -ed costello @epc / +13474080372
[twitter-dev] Re: 404 Errors on friends and followers using cursors
As far as I can tell, there has been no progress on this. There is a bug open for the issue, if you would like to follow it: http://code.google.com/p/twitter-api/issues/detail?id=1264 On Jan 9, 8:30 am, bear bea...@gmail.com wrote: I am now seeing this on some of my own accounts - has any movement or fix been applied? here is the url i'm trying: curlhttp://twitter.com/statuses/friends/codebear.json -- returns [] curlhttp://twitter.com/statuses/friends/manta.json -- returns {request:/statuses/friends/manta.json,error:Not found} On Dec 28 2009, 2:42 pm, Mageuzi mage...@gmail.com wrote: Sorry to keep bringing this up, but this is still causing problems for me. Is there any follow-up as to what the issue is? Thanks in advance. On Dec 22, 10:06 pm, Mageuzi mage...@gmail.com wrote: Is there an update to the status of this issue? A user of my program reported a problem that ended up being this. While trying to iterate through:http://api.twitter.com/1/statuses/friends/oevl.xml Cursor 1274505087418535016 returned fine and contained a next_cursor value of 1267920196862230269. That value returned a 404. On Dec 8, 1:32 pm, Ammo Collector binhqtra...@gmail.com wrote: If you get the following URLs and continue to using the next_cursor, you receive incorrect 404s: http://twitter.com/statuses/friends/debra_bee.xml?cursor=130554434315... Any ideas?
Re: [twitter-dev] Re: Best way to pull/cache location based search results?
Repeated automated queries to search isn't a complete strategy, as search does not provide full corpus search and the rate limits are fairly low. Trending can usually be done on Spritzer or the Gardenhose. I'd grab Spritzer and see what you can determine by examining the Location field and the geotag. Trying to first filter by location doesn't seem to be a good strategy, as it's going to be hard to get enough data for each location. The Gardenhose gives you plenty of data when you are ready. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc. On Mon, Jan 11, 2010 at 6:09 AM, GeorgeMedia georgeme...@gmail.com wrote: ecp and Mark thanks. I understand what you're saying but I'm having a hard time grasping how the streaming api would be better. Here's why: Like I said earlier, I have over 200,000 locations (and growing) in my database. I'll soon be pulling them in dynamically from other geo location api's so I'll in effect have the entire world! (insert evil world domination laugh). And users will be looking for locations randomly so... how do you cache that? I'm stumped. The problem is, like you said relying on the location field would be a bit of a hairball. So my 2 questions are how do I send geo parameters to the firehose/streaming api? And will it return the same results set as if I did it via the search api with the geocode= parameter. Also, can I specify radius like in the search api? Is what you are suggesting to basically consume the entire firehose as it comes in and look for geo parameters/locations in real time? My application is simply a way to let users come to the site and look for local tweets and trends by city. Example: http://www.twocals.com/twt/il/belleville
Re: [twitter-dev] Display latest tweets from multiple Twitterers?
Consider the follow parameter on the Streaming API after an initial REST call to obtain some historical backfill. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc. On Mon, Jan 11, 2010 at 8:11 AM, CG tusasupp...@googlemail.com wrote: Hi, Using the code found here: http://css-tricks.com/snippets/php/get-latest-twitter-status/ I can display the latest tweet for a single twitter user. My question is this: is it possible to get the latest tweet from multiple users this way or a similar method? My plan is to have users submit their username via a form, and this data is written to an xml file. I am hoping to tie all this together to display multiple tweets from users who have submitted their data on one page. Is it possible? Are there any examples or sites that you know of that I could look at? Many thanks, CG
[twitter-dev] When will delete list members and delete list be fixed?
There has been an accepted defect in the issue tracker which really should be a high priority and there has been no word of any status on a fix. The defect is that any developers who cannot use a DELETE request were supposed to be able to make a POST request with a _method=DELETE param, but that has never actually worked. This leaves list management functionality *complete broken* for any client that cannot issue a DELETE request. This was first noted in November, and the defect was accepted one month ago: http://code.google.com/p/twitter-api/issues/detail?id=1239
Re: [twitter-dev] Download avatar 2009 for free
Hmm, looks like someone is joe-jobbing me now. Sorry about that, I'm cleaning up. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Funny, I don't remember being absent minded. ---
Re: [twitter-dev] Download avatar 2009 for free
On 1/11/2010 10:28 AM, Cameron Kaiser wrote: Hmm, looks like someone is joe-jobbing me now. Sorry about that, I'm cleaning up. I would suggest that whoever is running this group put all new members on moderated (or even all on moderated) because a nasty spambot is running around currently. I've also seen porn spam sent about Angelina Jolie lately.
Re: [twitter-dev] Download avatar 2009 for free
I would suggest that whoever is running this group put all new members on moderated (or even all on moderated) because a nasty spambot is running around currently. I've also seen porn spam sent about Angelina Jolie lately. All new members are automatically moderated, which is why posts from new users tend to come in bunches when one of the moderators clears the queue. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Do not use for personal hygiene. -- Actual label, toilet brush -
Re: [twitter-dev] Download avatar 2009 for free
On 1/11/2010 10:40 AM, Cameron Kaiser wrote: I would suggest that whoever is running this group put all new members on moderated (or even all on moderated) because a nasty spambot is running around currently. I've also seen porn spam sent about Angelina Jolie lately. All new members are automatically moderated, which is why posts from new users tend to come in bunches when one of the moderators clears the queue. well, guess one got through.
Re: [twitter-dev] Download avatar 2009 for free
I would suggest that whoever is running this group put all new members on moderated (or even all on moderated) because a nasty spambot is running around currently. I've also seen porn spam sent about Angelina Jolie lately. All new members are automatically moderated, which is why posts from new users tend to come in bunches when one of the moderators clears the queue. well, guess one got through. Please look at the headers of that one more carefully. In this case, it was a joejob of an existing approved member (in this case, yours truly). As it happens, I had been mulling over implementing SPF on my local server, and this is now a good time to do it. However, that is not a failure of moderation. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- If your happiness depends on anyone else, you've got a problem. -- R. Bach -
Re: [twitter-dev] Download avatar 2009 for free
On Mon, Jan 11, 2010 at 12:43 PM, John Meyer john.l.me...@gmail.com wrote: On 1/11/2010 10:40 AM, Cameron Kaiser wrote: I would suggest that whoever is running this group put all new members on moderated (or even all on moderated) because a nasty spambot is running around currently. I've also seen porn spam sent about Angelina Jolie lately. All new members are automatically moderated, which is why posts from new users tend to come in bunches when one of the moderators clears the queue. well, guess one got through. You'll note: 1. That's Cameron's address. 2. Cameron is far from new here. 3. This is an old spoofing problem, many months old now, across Google Groups. It's ridiculously easy to do, and overly difficult to manage. ∞ Andy Badera ∞ +1 518-641-1280 Google Voice ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=andrew%20badera
Re: [twitter-dev] Download avatar 2009 for free
Cameron, Google groups does respect SPF records, so if you tighten that down in your DNS setup, you can avoid this crap ... --ab On Mon, Jan 11, 2010 at 12:47 PM, Cameron Kaiser spec...@floodgap.com wrote: I would suggest that whoever is running this group put all new members on moderated (or even all on moderated) because a nasty spambot is running around currently. I've also seen porn spam sent about Angelina Jolie lately. All new members are automatically moderated, which is why posts from new users tend to come in bunches when one of the moderators clears the queue. well, guess one got through. Please look at the headers of that one more carefully. In this case, it was a joejob of an existing approved member (in this case, yours truly). As it happens, I had been mulling over implementing SPF on my local server, and this is now a good time to do it. However, that is not a failure of moderation. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- If your happiness depends on anyone else, you've got a problem. -- R. Bach -
Re: [twitter-dev] Download avatar 2009 for free
Google groups does respect SPF records, so if you tighten that down in your DNS setup, you can avoid this crap ... Yup. See headers now. :) -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- I, for one, welcome our new C64 overlords. -- John Floren --
Re: [twitter-dev] Download avatar 2009 for free
My mistake then. appy-pollo-gees On 1/11/2010 10:47 AM, Andrew Badera wrote: On Mon, Jan 11, 2010 at 12:43 PM, John Meyerjohn.l.me...@gmail.com wrote: On 1/11/2010 10:40 AM, Cameron Kaiser wrote: I would suggest that whoever is running this group put all new members on moderated (or even all on moderated) because a nasty spambot is running around currently. I've also seen porn spam sent about Angelina Jolie lately. All new members are automatically moderated, which is why posts from new users tend to come in bunches when one of the moderators clears the queue. well, guess one got through. You'll note: 1. That's Cameron's address. 2. Cameron is far from new here. 3. This is an old spoofing problem, many months old now, across Google Groups. It's ridiculously easy to do, and overly difficult to manage. ∞ Andy Badera ∞ +1 518-641-1280 Google Voice ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=andrew%20badera
[twitter-dev] Migration to streaming?
I just saw the announcement on Twitter-API-Announce about migrating to streaming. I'm curious about a couple of things: 1. If your application polls for keywords, mentions, is whitelisted on the Search API, or makes more than perhaps 10 queries per minute, you should begin your migration to Streaming. Desktop clients should postpone a migration to Streaming. I'm making far less than 10 queries per minute - more like 1 or 2. I'm now seeing a rate limit on the Search API of 150 calls per hour, and my code adjusts to that. I have something planned that will work best on the streaming API. It will be a desktop client, though - I don't have a business case for building servers. Is there any reason for staying away from streaming just because I'm building a desktop client? 2. Complete corpus search: Search is focused on result set quality and there are no guarantees to return all matching tweets. Complete results are only available on the Streaming API. Search results are increasingly filtered and reordered for relevance. I was under the impression from the documentation that tweets going into the Streaming API were in fact subject to the same Quality Filtering of users as the search API. That is: https://twitterapi.pbworks.com/Streaming-API-Documentation Both the Streaming API and the Search API filter out all statuses from low-quality users. Unlike Search, Streaming does not filter or rank statuses for relevance, all statuses are available. Is there some clarification available on the differences between what's filtered out of both Streaming and Search and what's filtered out of Search only?
Re: [twitter-dev] Migration to streaming?
We're not ready to fully support desktop clients on the Streaming API. Connection counts, permissions issues to protected statuses, OAuth, etc, still need to be addressed. At the moment, we're trying to move services over where possible. Desktop client experimentation is fine, but full support for desktop clients from our end isn't practical yet. Both Search and Streaming discard all statuses from low-quality users. Search additionally filters the remaining statuses for relevance and ranking purposes. This may be hard to see now, unless you cross-reference the Streaming results, but this divergence will soon accelerate and become more obvious. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc. On Mon, Jan 11, 2010 at 11:25 AM, M. Edward (Ed) Borasky zzn...@gmail.comwrote: I just saw the announcement on Twitter-API-Announce about migrating to streaming. I'm curious about a couple of things: 1. If your application polls for keywords, mentions, is whitelisted on the Search API, or makes more than perhaps 10 queries per minute, you should begin your migration to Streaming. Desktop clients should postpone a migration to Streaming. I'm making far less than 10 queries per minute - more like 1 or 2. I'm now seeing a rate limit on the Search API of 150 calls per hour, and my code adjusts to that. I have something planned that will work best on the streaming API. It will be a desktop client, though - I don't have a business case for building servers. Is there any reason for staying away from streaming just because I'm building a desktop client? 2. Complete corpus search: Search is focused on result set quality and there are no guarantees to return all matching tweets. Complete results are only available on the Streaming API. Search results are increasingly filtered and reordered for relevance. I was under the impression from the documentation that tweets going into the Streaming API were in fact subject to the same Quality Filtering of users as the search API. That is: https://twitterapi.pbworks.com/Streaming-API-Documentation Both the Streaming API and the Search API filter out all statuses from low-quality users. Unlike Search, Streaming does not filter or rank statuses for relevance, all statuses are available. Is there some clarification available on the differences between what's filtered out of both Streaming and Search and what's filtered out of Search only?
[twitter-dev] Re: Best way to pull/cache location based search results?
Thank you everyone. To quote an internet meme, you're doing it wrong seems to be the consensus here. Your comments have shed light on the dark areas for me. So if I may bounce this off you to see if you've successfully pointed me in the right direction, a new and better approach would be to: 1) Check out the spritzer.json stream to see what type of data I get back and formulate how I could make use of it. Basically do what ecp suggested and check the geo/location fields for viable data then do my own geocoding with what is in my database. Or on the fly geocoding with sites like hostip.info or geoapi or yahooapi. 2) Once I have that methodology down I to grab the gardenhose (or firehose depending on how much data I can handle) at say every 30 seconds to grab a fresh data set so my users are seeing data that is at most 30 seconds or so old. Right path or still not getting it?
Re: [twitter-dev] Re: Best way to pull/cache location based search results?
You should continuously consume Streaming API feeds and store the results. Then, periodically run your algorithms over the stored set as required. Trending will require examining more data than every 30 seconds, especially if you are slicing by geo. On Mon, Jan 11, 2010 at 11:51 AM, GeorgeMedia georgeme...@gmail.com wrote: Thank you everyone. To quote an internet meme, you're doing it wrong seems to be the consensus here. Your comments have shed light on the dark areas for me. So if I may bounce this off you to see if you've successfully pointed me in the right direction, a new and better approach would be to: 1) Check out the spritzer.json stream to see what type of data I get back and formulate how I could make use of it. Basically do what ecp suggested and check the geo/location fields for viable data then do my own geocoding with what is in my database. Or on the fly geocoding with sites like hostip.info or geoapi or yahooapi. 2) Once I have that methodology down I to grab the gardenhose (or firehose depending on how much data I can handle) at say every 30 seconds to grab a fresh data set so my users are seeing data that is at most 30 seconds or so old. Right path or still not getting it?
[twitter-dev] Re: OAuth image upload: how does Twitter want to see multi-part post OAuth parts?
If you are familiar with Java, try Twitter4J. The latest snapshot supports image upload with OAuth. http://groups.google.com/group/twitter4j/browse_thread/thread/d548993dd3a4fc84 On 1月11日, 午前11:37, Andrew Arnott andrewarn...@gmail.com wrote: Still trying to post images to Twitter using OAuth unsuccessfully. Can someone please help? My latest attempt is inline with what I can gather from other people who claim to do it successfully: put ALL parameters in the multipart entity and have a very simple OAuth signature base string:. The signature was constructed based on this signature base string: POSThttp%3A%2F%2Ftwitter.com%2Faccount%2Fupdate_profile_image.xml And here is the raw text I sent: POST /account/update_profile_image.xml HTTP/1.1 Content-Type: multipart/form-data; boundary=2e280788-b8f5-4c5e-a05b-9be7ad76fac7 User-Agent: DotNetOpenAuth/3.4.0.10010 Host: twitter.com Cache-Control: no-store,no-cache Pragma: no-cache Content-Length: 20134 --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_token 14821025-bq1rTNjyfQrOtb181Alwt0UHPJTffxXDOahZtBrK8 --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_consumer_key ONxVX5b14DpiVGlprq1yA --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_nonce zvj9dhYY --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_signature_method HMAC-SHA1 --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_signature IKIkDXQC6JPELXTUv8oU7byaXSU= --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_version 1.0 --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=oauth_timestamp 1263176820 --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 Content-Disposition: form-data; name=image; filename=thomas jefferson.jpg Content-Type: image/jpg Content-Transfer-Encoding: binary beginning of raw binary data --2e280788-b8f5-4c5e-a05b-9be7ad76fac7 -- Andrew Arnott I [may] not agree with what you have to say, but I'll defend to the death your right to say it. - S. G. Tallentyre On Sat, Jan 9, 2010 at 4:59 PM, Andrew Arnott andrewarn...@gmail.comwrote: Can anyone from Twitter, or someone who's successfully done it with a consumer library, please lay out the exact format of the HTTP request Twitter expects for an OAuth-signed image upload? By my reading the OAuth spec allows several possibilities, assuming multi-part POST: 1. Only the the image (and tile) parameters are in the POST entity. All the OAuth-specific parameters are in the HTTP Authorization header, thereby allowing them to be signed. 2. All the parameters, OAuth ones and image ones, are in the POST entity, leaving nothing by the HTTP method and URL to be signed using the OAuth signature. 3. The OAuth specific parameters appear in the query string of the POST url, and once again the image parameter appears in the POST entity. Which of these does Twitter support? I'm trying #1 without any success. Before investing in upgrading my library to support each of these scenarios, I'd like to know which one will end up successful. Right now I'm getting Status 500 errors. Thanks.
[twitter-dev] Re: Migration to streaming?
On Jan 11, 11:50 am, John Kalucki j...@twitter.com wrote: We're not ready to fully support desktop clients on the Streaming API. Connection counts, permissions issues to protected statuses, OAuth, etc, still need to be addressed. At the moment, we're trying to move services over where possible. Desktop client experimentation is fine, but full support for desktop clients from our end isn't practical yet. At this point, I'm testing sample but not filter. But if I'm going to lose tweets by using Search rather than filter, I guess I need to be testing with filter. Both Search and Streaming discard all statuses from low-quality users. Search additionally filters the remaining statuses for relevance and ranking purposes. This may be hard to see now, unless you cross-reference the Streaming results, but this divergence will soon accelerate and become more obvious. Do I need to be monitoring this? Via a desktop, since I don't have a server business case? ;-) One change I'd love to see in the search API would be removal of verbatim retweets. If Bob makes a statement, why should Carol and Ted and Alice show up when I search for it? ;-)
[twitter-dev] Re: Best way to pull/cache location based search results?
I understand there's a limitation on who is allowed to consume the firehose/gardenhose? I know my app, IPs, and username are whitelisted for the REST API but I am assuming getting access to the gardenhose requires that I contact someone at Twitter? Or has that changed since it is no longer in BETA?
[twitter-dev] Re: Any iPhone Twitter apps with OAuth login ?
Hi Raffi, I concur with the above suggestions by Fabien and Rich. Our iPhone app, heypic.me, displays the OAuth login page in a webview. Upon launching the login page, we only see about 20% of our users get all the way through the Twitter login process. This is not a bug, we've checked, but rather the cumbersome experience of using that login page. Thanks, Andrew twitter.com/siggy_sf On Jan 11, 1:42 am, Rich rhyl...@gmail.com wrote: Hi Raffi For me there are two very important changes that need to be made to the oAuth login page 1) The DENY button is currently default, which means if you hit the return button on the iPhone keyboard is uses DENY instead of ALLOW. Please change the default button! 2) Please have a mobile friendly version like the m.twitter.com login page so that it fits a 320px wide screen without zooming. On Jan 8, 10:54 pm, Fabien Penso fabienpe...@gmail.com wrote: On Fri, Jan 8, 2010 at 11:24 PM, Raffi Krikorian ra...@twitter.com wrote: hey fabien (and the rest of the list). what do you think we could do to improve this for all of you? i'm actively interested in making it better. feel free to add to this thread, or mail me personally. Raffi, That would be such a great improvement. I think the required changes is small, I would go very simple and just display a login/password and the 2 buttons approve/deny in *large* without the sidebox on the right you have currently, as it's not needed. Something like what you get when you browse twitter.com/username from your iPhone.
[twitter-dev] Re: issues with retweets and API
But if I retweet a tweet on the first page, call home_timeline, it doesn't contain the retweet (only visible under retweeted_by_me). Same occurrance happens on twitter.com but twitter.com knows that i've retweeted (the difference between the API and twitter). +1 this is very aggravating... On Jan 10, 10:44 pm, srikanth reddy srikanth.yara...@gmail.com wrote: Any ETA for the following. Its been a while. http://code.google.com/p/twitter-api/issues/detail?id=1214 http://code.google.com/p/twitter-api/issues/detail?id=1274 On Tue, Jan 5, 2010 at 12:30 AM, John munz...@gmail.com wrote: I've noticed that this is not always the case. If I retweet an older tweet it shows up as a new tweet in home_timeline. But if I retweet a tweet on the first page, call home_timeline, it doesn't contain the retweet (only visible under retweeted_by_me). Same occurrance happens on twitter.com but twitter.com knows that i've retweeted (the difference between the API and twitter). I guess if it did show up that could also be a solution instead of needing to add new flags as I suggested above. Basically what you were saying in your first post: Quote: For your second point I am not seeing the retweeted status in my home_timeline for some reason... On Jan 4, 1:06 am, srikanth reddy srikanth.yara...@gmail.com wrote: home_timeline also includes both. For user retweeted status i would just check if(status[i].retweeted_status != null and status[i].user.screen_name == currentuser) But the problem comes when you have friends redundant status i.e status[i].retweeted_status != null and status[i].user.screen_name != currentuser. This friend's status appears in your home time line even after you retweet. If you try to retweet this it will throw an error as this has already been retweeted by you. To prevent this you have to manually disable friends 'retweets' appearing in your home_timeline (this option is available in web only and this has to be done for each and every user.Currently this is also not working) Anyhow these issues are already reported here http://code.google.com/p/twitter-api/issues/detail?id=1214 http://code.google.com/p/twitter-api/issues/detail?id=1274 On Mon, Jan 4, 2010 at 2:24 AM, John munz...@gmail.com wrote: I understood you since the beginning. It doesn't feel redundant to me, I'm pretty sure that is intended functionality. Even if they disappeared from retweeted by others there still needs to be a way to know if you can undo regular tweets you've retweeted since they don't include any retweeted information in the other timeline methods (home_timeline etc). On Jan 3, 11:40 am, srikanth reddy srikanth.yara...@gmail.com wrote: I am not sure i expressed it clearly. Pardon my lang They will only disappear if your friends undo. It is true that they will disappear if your friends undo. But my point is that they should also disappear(not instantly) from 'Retweets by Others' when you retweet them from 'Retweets by Others' tab( coz it will be added to 'retweets by me' ) and keeping them in 'Retweets by Others' is just redundant. If you refresh your 'Retweets by Others' tab you will see the tweet as retweeted by you and your friend and you have the option of undoing it. But this undoing is possible only in web. From API point of view, if these statuses are removed from 'retweets by others' the moment the user retweets them then undo is simple (just delete the status id obtained from the statuses/retweet response ). This type of undoing is done only instantly i.e u cannot undo if you refresh the tab.( retweeted_to_me' now does not include that status) This is true for other timeline methods as well. But if keeping this redundant data is intended then twitter has to make changes to the payload (i.e add the retweeted_by_me flag) and provide destroy/retweet methods as suggested by you). Hope i am clear now. On Sun, Jan 3, 2010 at 10:14 AM, John munz...@gmail.com wrote: They will always remain even if you undo. They will only disappear if your friends undo.
[twitter-dev] Is this application breaking Twitter API standards?
I've discovered an online application - I won't mention the name - but it seems to break Twitter API. I'm wondering how they get away with it. Here's what the application does. It allows the user to enter a number of keyword phrases to monitor with. Every time a phrase is mentioned e.g. twitter api, it replies to the person who sent that tweet with an automated response e.g. 'to find out more about twitter api visit http://xxx' Seems there's a couple of issues here. 1. How are they getting passed rate limiting to scan every tweet and then send out a reply? The application could have thousands of users! 2. According to Twitter The @reply function is intended to make communication between users easier, and automating this process to put unsolicited messages into lots of users’ reply tabs is considered an abuse of feature. If you are automatically sending @reply messages to a bunch of users, the recipients must request or approve this action in advance. For example, sending automated @replies based on keyword searches is not permitted. Users should also have an easy way to opt-out of your service (in addition to the requirement that all users must opt-in before receiving the messages). We review blocks and reports of spam, so you’ll need to provide a clear way for users to stop your messages. *Spam: You may not use the Twitter service for the purpose of spamming anyone. What constitutes “spamming” will evolve as we respond to new tricks and tactics by spammers. Some of the factors that we take into account when determining what conduct is considered to be spamming are: If you send large numbers of duplicate @replies; If you send large numbers of unsolicited @replies in an attempt to spam a service or link; Can anyone explain to me how this online application is getting around these issues? Thanks Colin
[twitter-dev] Reinstate 'from app' for Basic Auth desktop apps until OAuth is fixed
I'd like for Twitter to reinstate granting 'from app' links for desktop apps that use Basic Auth. As it stands, developers who have relatively new desktop apps are penalized by having updates from their app say 'from web'. Older Basic Auth desktop clients continue to enjoy a link back to the client web site with a 'from app' link. This link is an important way for an app to get noticed. The policy regarding this link should be applied uniformly to all developers who make Twitter clients. I understand Twitter is trying to force people to use OAuth, but that won't happen in a meaningful way until OAuth is reliable, has a truly usable workflow (PIN method isn't it), and can work well with other services (Twitpic, yfrog, etc). We aren't there yet. New apps that benefit Twitter by expanding the Twitter ecosystem are being unfairly penalized for using an authentication method that actually works well and is used by the majority of apps available. Please apply the policy regarding the 'from' link uniformly. Please reinstate it for desktop Basic Auth apps until it's possible for everyone to transition to OAuth in a way that makes sense. Thank you. Sanjay itsyapp (at) gmail http://mowglii.com/itsy
Re: [twitter-dev] Re: Best way to pull/cache location based search results?
You can apply for Gardenhose access at api at twitter dot com. We're currently not giving out Firehose access. Watch for further announcements about increased access levels. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc. On Mon, Jan 11, 2010 at 2:46 PM, GeorgeMedia georgeme...@gmail.com wrote: I understand there's a limitation on who is allowed to consume the firehose/gardenhose? I know my app, IPs, and username are whitelisted for the REST API but I am assuming getting access to the gardenhose requires that I contact someone at Twitter? Or has that changed since it is no longer in BETA?
[twitter-dev] Support from a...@twitter.com sucks!!!
I sent very specific questions to a...@twitter.com, not knowing that it is now being automatically fed into the Zendesk Twitter helpdesk system. The answer I received back consisted of: - I suggest that you check out the API wiki for this information: http://apiwiki.twitter.com/ . We also have a very active and helpful community at http://groups.google.com/group/twitter-development-talk , where our API team interacts with developers on a regular basis. You may want to join the group to participate in conversations about topics like these. Hope that helps, Support -- Well, F-ING D-UH!! Thanks for nothing.
Re: [twitter-dev] Support from a...@twitter.com sucks!!!
i'm sure someone is comparing our request with our last book purchase on amazon and designing us a new pair of jeans. On Mon, Jan 11, 2010 at 8:53 PM, Angel Robert Marquez angel.marq...@gmail.com wrote: ha, i got the same one, probably totally different detailed question. it felt like a kind personal rejection, until now. On Mon, Jan 11, 2010 at 8:50 PM, Dewald Pretorius dpr...@gmail.comwrote: I sent very specific questions to a...@twitter.com, not knowing that it is now being automatically fed into the Zendesk Twitter helpdesk system. The answer I received back consisted of: - I suggest that you check out the API wiki for this information: http://apiwiki.twitter.com/ . We also have a very active and helpful community at http://groups.google.com/group/twitter-development-talk , where our API team interacts with developers on a regular basis. You may want to join the group to participate in conversations about topics like these. Hope that helps, Support -- Well, F-ING D-UH!! Thanks for nothing.
Re: [twitter-dev] Support from a...@twitter.com sucks!!!
Have you tried posting the question here? To be fair the number of devs using twitter API is so huge, it will be impossible for them to answer individual requests. Adi www.appliedeye.com On Tue, Jan 12, 2010 at 10:20 AM, Dewald Pretorius dpr...@gmail.com wrote: I sent very specific questions to a...@twitter.com, not knowing that it is now being automatically fed into the Zendesk Twitter helpdesk system. The answer I received back consisted of: - I suggest that you check out the API wiki for this information: http://apiwiki.twitter.com/ . We also have a very active and helpful community at http://groups.google.com/group/twitter-development-talk , where our API team interacts with developers on a regular basis. You may want to join the group to participate in conversations about topics like these. Hope that helps, Support -- Well, F-ING D-UH!! Thanks for nothing.
Re: [twitter-dev] Support from a...@twitter.com sucks!!!
i think, i asked something less complicated and got radio silence. funny, what people respond to. i forget what it was actually, i think i wanted to know how to or if i could use oauth on a site and retrieve the geo info of the user id. signup and automatically plot their waypoint. i figured as much about the excess of questions that probably go through the system. On Mon, Jan 11, 2010 at 9:28 PM, Adi aditya@gmail.com wrote: Have you tried posting the question here? To be fair the number of devs using twitter API is so huge, it will be impossible for them to answer individual requests. Adi www.appliedeye.com On Tue, Jan 12, 2010 at 10:20 AM, Dewald Pretorius dpr...@gmail.comwrote: I sent very specific questions to a...@twitter.com, not knowing that it is now being automatically fed into the Zendesk Twitter helpdesk system. The answer I received back consisted of: - I suggest that you check out the API wiki for this information: http://apiwiki.twitter.com/ . We also have a very active and helpful community at http://groups.google.com/group/twitter-development-talk , where our API team interacts with developers on a regular basis. You may want to join the group to participate in conversations about topics like these. Hope that helps, Support -- Well, F-ING D-UH!! Thanks for nothing.
[twitter-dev] Application Definitions on the Twitter homepage
I apologize in advance is this isn't the right venue for asking this question, but how to developers get their applications posted on Twitter homepages? For instance, I see the following in the upper right hand corner below my profile information: Klout n. a fun way to analyze the social web. Thanks, Kevin
Re: [twitter-dev] Support from a...@twitter.com sucks!!!
Have you tried posting the question here? I'm sure Dewald has thought of that. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- If there was a hole, I would jump into it. -- Gackt Camui --
[twitter-dev] Re: OAuth image upload: how does Twitter want to see multi-part post OAuth parts?
Yusuke, Can you please share with us the raw text of your request? I am not familiar with Java. I am working with C++(.NET)
Re: [twitter-dev] Support from a...@twitter.com sucks!!!
typical On Mon, Jan 11, 2010 at 9:42 PM, Cameron Kaiser spec...@floodgap.comwrote: Have you tried posting the question here? I'm sure Dewald has thought of that. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- If there was a hole, I would jump into it. -- Gackt Camui --
[twitter-dev] Re: Twitter app marked inactive?
Well, it seems three of my applications have been inactivated. I checked through the four rule sets and I don't think I'm violating any of them, at least not deliberately. I am doing a fair amount of testing, so I do get rate limited from time to time, especially when testing the rate limiting response mechanisms. ;-) The only other thing I can think of is that I've got four applications, and I really could combine three of them into one. I need at least two, because most of them are read-only and I don't wan't to authorize writes for those. Curiously enough, it's the three read-only ones that got inactivated.
[twitter-dev] Re: Support from a...@twitter.com sucks!!!
If this is the level of support we can now expect from the Platform Team, we can just as well devour our stash of refrigerated salami sandwiches in one sitting and start coding for MySpace, LinkedIn and Jaiku instead. I am still marginally hopeful that this was just a major beaurocratic fuckup. On Jan 12, 12:53 am, Angel Robert Marquez angel.marq...@gmail.com wrote: ha, i got the same one, probably totally different detailed question. it felt like a kind personal rejection, until now. On Mon, Jan 11, 2010 at 8:50 PM, Dewald Pretorius dpr...@gmail.com wrote: I sent very specific questions to a...@twitter.com, not knowing that it is now being automatically fed into the Zendesk Twitter helpdesk system. The answer I received back consisted of: - I suggest that you check out the API wiki for this information: http://apiwiki.twitter.com/. We also have a very active and helpful community athttp://groups.google.com/group/twitter-development-talk, where our API team interacts with developers on a regular basis. You may want to join the group to participate in conversations about topics like these. Hope that helps, Support -- Well, F-ING D-UH!! Thanks for nothing.
[twitter-dev] Re: Support from a...@twitter.com sucks!!!
Some support requests contain confidential information that cannot be asked in a public forum like this. On Jan 12, 1:42 am, Cameron Kaiser spec...@floodgap.com wrote: Have you tried posting the question here? I'm sure Dewald has thought of that. -- personal:http://www.cameronkaiser.com/-- Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com -- If there was a hole, I would jump into it. -- Gackt Camui --
[twitter-dev] Re: Support from a...@twitter.com sucks!!!
I've found Twitter's support of freelance developers to be *way* above average. Compared to Apple, Microsoft, or even Google, Twitter is a joy to work with. There's a sense of community here that I rarely see outside of pure open source projects like PostgreSQL, Perl, Ruby and Linux.
RE: [twitter-dev] Any iPhone Twitter apps with OAuth login ?
1. The page needs to display correctly (laid out nicely, with the entire form above the fold) on a 2.4 QVGA (240x320 and 320x240) screen when images, Javascript, and flash are all disabled. 2. Replace the manual PIN entry requirement with something else. The OAuth 1.0a designers greatly under-estimated the poor usability of manual PIN entry, especially on mobile devices. One suggestion off the top of my head: allow OAuth 1.0 (in addition to OAuth 1.0a) if--and only if--all parts of the OAuth authorization flow take place in the same TLS session (e.g. using TLS session resumption and/or a persistent HTTPS connection when/if Twitter supports persistent connections) and the application is registered as a desktop app (not a web app). Raffi Krikorian wrote: hey fabien (and the rest of the list). what do you think we could do to improve this for all of you?
Re: [twitter-dev] Any iPhone Twitter apps with OAuth login ?
2. Replace the manual PIN entry requirement with something else. The OAuth 1.0a designers greatly under-estimated the poor usability of manual PIN entry, especially on mobile devices. One suggestion off the top of my head: allow OAuth 1.0 (in addition to OAuth 1.0*a*) if--and only if--all parts of the OAuth authorization flow take place in the same TLS session (e.g. using TLS session resumption and/or a persistent HTTPS connection when/if Twitter supports persistent connections) and the application is registered as a desktop app (not a web app). i definitely hear the pain in the PIN workflow -- just as a quick point of note, we're not set up to handle persistent HTTP/HTTPS connections at this time. keep the ideas going - loving this thread. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] Re: Support from a...@twitter.com sucks!!!
It is a big misnomer to label everyone as developers let alone as freelance. A good number of us actually run very serious businesses with substantial revenues. On Jan 12, 2:21 am, M. Edward (Ed) Borasky zzn...@gmail.com wrote: I've found Twitter's support of freelance developers to be *way* above average. Compared to Apple, Microsoft, or even Google, Twitter is a joy to work with. There's a sense of community here that I rarely see outside of pure open source projects like PostgreSQL, Perl, Ruby and Linux.
RE: [twitter-dev] Any iPhone Twitter apps with OAuth login ?
You do support TLS session resumption already though. Session resumption is where one HTTPS connection reuses the same handshake as a previous HTTPS connection. % openssl s_client -connect api.twitter.com:443 --reconnect . Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA . Session-ID: C076F0B02BB71058612A0942794BE6365A4482CEF9D1B15D7CD98BF91234EBDB . Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA . Session-ID: C076F0B02BB71058612A0942794BE6365A4482CEF9D1B15D7CD98BF91234EBDB . Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA . Session-ID: C076F0B02BB71058612A0942794BE6365A4482CEF9D1B15D7CD98BF91234EBDB From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of Raffi Krikorian Sent: Tuesday, January 12, 2010 12:33 AM To: twitter-development-talk@googlegroups.com Subject: Re: [twitter-dev] Any iPhone Twitter apps with OAuth login ? 2. Replace the manual PIN entry requirement with something else. The OAuth 1.0a designers greatly under-estimated the poor usability of manual PIN entry, especially on mobile devices. One suggestion off the top of my head: allow OAuth 1.0 (in addition to OAuth 1.0a) if--and only if--all parts of the OAuth authorization flow take place in the same TLS session (e.g. using TLS session resumption and/or a persistent HTTPS connection when/if Twitter supports persistent connections) and the application is registered as a desktop app (not a web app). i definitely hear the pain in the PIN workflow -- just as a quick point of note, we're not set up to handle persistent HTTP/HTTPS connections at this time. keep the ideas going - loving this thread. -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: OAuth image upload: how does Twitter want to see multi-part post OAuth parts?
i suggest taking a look at http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ as it has a pretty good walk through of how to construct the parameters. one point of note is that when the Content-Type of the request is -not- application/x-www-form-urlencoded, then the POST body should -not- be included as part of the signature. so, assuming you're using multi-part and the image is in the POST body, do not include it in the signature block. On Mon, Jan 11, 2010 at 8:30 PM, Vikram vikram.prav...@gmail.com wrote: Yusuke, Can you please share with us the raw text of your request? I am not familiar with Java. I am working with C++(.NET) -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
[twitter-dev] Re: Reinstate 'from app' for Basic Auth desktop apps until OAuth is fixed
I'm doing desktop apps and I think the PIN workflow is just fine as is. If there are security reasons why something else is needed, I can see changing it. But it's no big deal for me to fire up a browser, push the allow button, double-click on a PIN, and then CTL-C / CTL- SHIFT-V into a Konsole window. ;-) On Jan 11, 11:01 pm, Raffi Krikorian ra...@twitter.com wrote: As it stands, developers who have relatively new desktop apps are penalized by having updates from their app say 'from web'. Older Basic Auth desktop clients continue to enjoy a link back to the client web site with a 'from app' link. ... I understand Twitter is trying to force people to use OAuth, but that won't happen in a meaningful way until OAuth is reliable, has a truly usable workflow (PIN method isn't it), and can work well with other services (Twitpic, yfrog, etc). We aren't there yet. i'm trying to gather use cases around OAuth to help it make sense for more people to use it -- as it stands, we are not going to allow the source parameter to be set in new applications unless they come from OAuth. so, please help me out! is the reliability of OAuth an actual concern? do you have a suggestion as to what you would like to see other than the PIN workflow? additionally, we're actively working on a delegation method for integration with other services. -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi
[twitter-dev] Twitter Search - the page you were looking for doesn't exist
Twitter Search has been very problematic today, mainly for searches using operators. For instance, this search currently returns an error message: http://search.twitter.com/search?q=near%3Aedmonton The page you were looking for doesn't exist. You may have mistyped the address or the page may have moved. It happened a few times earlier today as well, and came back after a short period. What gives?! Thanks!
Re: [twitter-dev] Re: Support from a...@twitter.com sucks!!!
I like the community too, that is why when I received my canned ticket response I shrugged it off. : It is a big misnomer to label everyone as developers let alone as freelance. A good number of us actually run very serious businesses with substantial revenues. Either way, support is support a valid request should receive a valid response for whatever you think you are. On Jan 12, 2:21 am, M. Edward (Ed) Borasky zzn...@gmail.com wrote: I've found Twitter's support of freelance developers to be *way* above average. Compared to Apple, Microsoft, or even Google, Twitter is a joy to work with. There's a sense of community here that I rarely see outside of pure open source projects like PostgreSQL, Perl, Ruby and Linux.